17th International System Safety Conference August 16-21, 1999, Orlando, Florida System Safety at the Dawn of a New Millennium www.system-safety.org

  Schedule- Quick and Detailed Versions

(as of 7/23/99)

Look below for the following highlights:

• Main conference runs Tuesday through Friday
• 3 ½ days of paper presentations
• Daily luncheons
• Dinner and entertainment Wednesday evening
• Kennedy Space Center Tours Monday and Saturday
• CSP preparation course Saturday through Monday.
• Numerous panels and tutorials, starting Monday.

  17^th ISSC Schedule at a Glance

(click on the day or scroll down for details)
 

Technical Sessions:
 

Tutorials: (click on the number of the tutorial for more information) CEU's will be provided for all tutorials:  0.1 CEU / Hour.
 

TU-1 Monday, 8/16/99, All Day. Operational Risk Management, Jack Copeland, U.S Air Force, Warner Robins Air Logistics Center

Operational Risk Management (ORM) is a step-by-step common sense approach to making risk decisions concerning planned activities. ORM relies on traditional system safety hazard analysis and risk assessment techniques.  The seminar will discuss the six steps of ORM (Identify Hazards, Assess Risks, Analyze Risk Controls, Make Control Decisions, Implement Risk Controls, and Supervise & Review) and guide the participants through an actual application.

TU-2 Monday, 8/16/99, Morning. New Hybrid (Possibilistic/Probabilistic) Safety Analysis Techniques, Dr. Arlin Cooper, Sandia National Laboratories

There are many potential sources of quantitative variation in analyses. One form is classical variability, which is applicable to first-principle-based problems. Another form is subjective uncertainty, which means that available data or models are not definitive enough to prescribe variability, thereby requiring possibilistic treatments.

Since conventional safety analysis techniques do not directly handle subjective information as such, we have prepared a tutorial describing emerging methodology for doing so. We also demonstrate computer codes for combining data, physical models, and engineering judgment into a comprehensive hybrid probabilistic/possibilistic safety analysis methodology. Another capability of interest is displaying output results so that they are meaningful for analysts and decision-makers.

TU-3 Monday, 8/16/99, Afternoon. Software Safety, Dr. Nancy Leveson, MIT

The introduction of computers into safety-critical and mission-critical systems has complicated the job of system safety engineers. The traditional techniques developed for electromechanical systems do not apply directly to software. However, they can be adapted and extended to handle software-controlled systems. This tutorial will describe how this goal can be accomplished. Topics to be covered include: unique safety problems created by software, project management, software hazard analysis, software requirements analysis, designing software for safety, human-computer interface design, and software safety verification.

TU-4 Monday, 8/16/99, Morning. Safety Analysis Handbook, Warner Talso / Dick Stephans, SSS

The purpose of this tutorial is to discuss the System Safety Analysis Handbook and how it supports the discipline of System Safety. The Handbook is intended to aid a formal, systematic, and structured approach to the identification, evaluation and elimination or mitigation of potential hazards in the safety analysis process.  This tutorial will include:

- A walk-through of the System Safety Analysis Handbook.

- A discussion of the application of the system safety process

- A discussion of the available techniques and methodologies that are useful tools for the process of developing safety assessments and safety analyses.

The CD-ROM version of the Handbook will be introduced at the Conference. This will be a very readable format and contain the complete Handbook, plus hypertext links, word search capability, and an Internet browser to make the Handbook that much easier to use. This will be in Adobe Acrobat format that and readable by PC or Macintosh machines. There will be a special price for Conference attendees. This will include a free copy of MIL STD 882 on the CD-ROM.

TU-5 Monday, 8/16/99, Afternoon. Real-Time Safety-Critical Systems: From Research to Practice, Dr. Janusz Zalewski, University of Central Florida

Today computers are used in a variety of applications, which are being computerized to increase production or service efficiency: nuclear power plants, aircraft and aerospace vehicles, air traffic control, ground transportation systems (cars, trains), medical electronic devices and patient monitoring, chemical plants, fire protection systems on oil/gas platforms, telephone switching networks, robots in manufacturing systems and hazardous environments, military vehicles (planes, tanks, missiles, etc.).

All these applications operate in principle, in real time, that is, they must repond to stimuli within bounded time. They are also characterized by the high risk involved, which means that a failure of a computer system may cost lives or cause large financial losses. Therefore, safety issues concerning the use of computers in real time are becoming more and more important.

This tutorial addresses the most important aspects of practical development of real-time safety-critical applications. The subject is approached in a hierarchical manner, starting from the specification and design layer, down through three implementation layers: programming language issues, operating system kernels, and hardware architectures. Practical examples of system development in all subject areas will be given. The approach is to overview research issues and see their relevance to practice.

TU-6 Tuesday, 8/17/99, Afternoon. Developing a Winning Proposal, Niles Welch, ASWaterman, Inc.

In these days of increased competition for fewer contract dollars, the ability to develop a winning proposal may be your company's quickest route to success -- and your quickest route to success within your company. Whether you're responding to a government Request for Proposal (RFP), bidding for a commercial contract, applying for the government's Small Business Innovative Research (SBIR) program, or seeking funding for a special project, this course will show you guidelines, techniques and methods to help you win -- and keep on winning. This seminar contains in-class exercises such as drafting a response to an RFP, preparing a proposal plan and writing an executive summary.

TU-7 Wednesday, 8/18/99, Morning. An Introduction to the IEC Standard 61508, Felix Redmill

The international standard, IEC 61508, addresses the functional safety of programmable safety-related systems. It is a 'meta standard', to be used as a basis of sector-specific standards, but where these do not yet exist, it is also intended for direct use. It defines the way in which we need to think and act towards safety throughout a system's life cycle. In particular, if our system is going to pose risks, it places a mandate on us to understand the risks.

Even in its draft stages, IEC 61508 was influential, particularly in Europe. Sector-specific standards have already been based on it, for example in the gas and automotive industries. Now that it has reached the end of the standardisation process, customers are already demanding that suppliers conform to it. As its principles are recognised to reflect current best practice, not only technical programmes but also legal frameworks will expect adherence to it. Yet many safety-critical system practitioners have only recently heard of the standard, and of those who have seen it many have found difficulty in reading and understanding it.

This tutorial is designed to explain the standard - what it is, what its objectives are, how it sets out to achieve its objectives, and how it will affect the way in which we manage safety. It will also explain the technical principles embedded in the standard. At the end of the tutorial, a delegate should understand the context, principles and effect of the standard, and should be confident and able to read and understand the standard itself.

TU-8 Wednesday, 8/18/99, Afternoon. Accident Investigation, Robert Swenginnis, Embry-Riddle University

The tutorial on accident investigation, although applicable to any investigation, will use aviation accidents as examples and will include:

- a review of various accident analysis and management techniques to include Management Oversight and Risk Tree (MORT), Simultaneous Time and Events Processing (STEP), Fault Trees in accident investigation.

- the various purposes of accident investigations and investigative process used by organizations such as the NTSB and ICAO.

- examples of techniques used during the field investigation of wreckage patterns, structural failure, system failure, and mid-air collisions.

- the role of accident investigation in the system safety process.

Panels: (click on the number of the tutorial for more information)
 

PL-1 Tuesday, 8/17/99, Morning. MIL-STD-882D Panel, Dick Weber,

Panelists:

• Ray Biagini, Partner at McKenna & Cuneo, Washington, DC
• Chuck Dorney, Chief of System Safety, USAF Materiel Command
• Larry Inokuchi

This panel will center around System Safety A "New" Approach to Safety Assurance. 

The process of acquisition reform has evolved as the principal factor in ensuring a strong, continuing force for system safety and for MIL-STD-882.  Although the acquisition reform process has necessarily focused on the elimination of specs and standards, government and industry alike realized early on in the process that system safety was unique -- that the retention of MIL-STD-882 was essential to the design of safe products. It could not be eliminated, but it did have to be structured in a way that moved the system safety process into direct support of the acquisition reform process -- directly addressing performance and objectives as opposed to merely specifying tasks.   A special technical panel addressed the professional needs for a new approach to a system safety standard practice at the 15th ISSC in 1997. The results from that panel session formed the basis for the work of the 882D IPT that was subsequently established to develop the new standard. The resultant performance-oriented approach (identify hazards, identify risk, incorporate ways to eliminate/control risk) is now embodied in Revision D to the system safety standard, MIL-STD-882.

This approach is a major change to the way of contracting for a safe system.  All aspects of the profession -- practitioners, program managers, contract managers, legal counsel -- are affected and need to understand the benefits and potential pitfalls. The 882D panel session at the 17th ISSC will address the implementation/application of the new standard.

The concept for the new panel session will be to support an open discussion between the panel members as well as members of the audience concerning the potential impact of the application of the process.   Following an opportunity for each panel member to present a statement of their position/interest regarding the subject, the panel members will then participate in an in-depth discussion and address questions from the audience and each other regarding the future application of the standard.  The panel members have been selected to represent all aspects of the system safety process, government and industry. Key members of the 882D IPT will be included.

PL-2 Thursday, 8/19/99, Morning. Selected Critical Issues in Aviation Safety Risk Management, Geoff McIntyre, FAA

Panelists:

• Safety Risk Management Policy, Steve Smith, FAA

• Risk-based Decisionmaking for Aviation Safety Inspectors through Bayesian Belief Networks, Dr. Jim Loxhoj, Rutgers University

• Air Traffic Risk Monitoring Models, David Gleave, Aviation Hazard Analysis, UK

• Human Factors Models for Aviation, Capt.Vincent Mancuso, Delta Airlines (awaiting confirmation)

• "Safety Cases: Fact or Fiction.", Kim O’Neil, Advanced Aviation Technology, UK

This panel examines critical issues in aviation safety risk management. It attempts to respond to the challenge of achieving synergism among aviation safety practitioners: How can we generate greater value by working together and sharing best practices from among several disciplines and safety perspectives?

PL-3 Thursday, 8/19/99, Morning. Critical Infrastructure Protection, Chuck Howell, Mitre

Panelists:

Darwyn Banks, Critical Infrastructure Protection Office

Tom Everett, The MITRE Corporation

John Ganter, Sandia National Labs

Jeffrey Voas, Reliable Software Technologies

LTC Paul Walczak, U.S. Army Research Lab

Chuck Howell, The MITRE Corporation, panel chair.

This panel will address the intersections of system/software safety techniques and the concerns of Critical Infrastructure Protection (CIP) and Defensive Information Warfare (IW).

A range of activities and discussions have been generated by Presidential Decision Directive 63 (regarding the protection of critical infrastructure elements such as telecommunications, electric power, emergency services, etc. from attacks, including "cyber" attacks). There has also been considerable interest in Defensive Information Warfare generated by exercises such as "Eligible Receiver" and by studies such as the Defense Science Board Report on Information Warfare.

Many (clearly not all) CIP/IW researchers and practitioners come from Information Security backgrounds and may not be familiar with some of the techniques and approaches used in the safety community. On the other hand, some portions of the safety community may not be aware of the challenges presented by CIP/IW, and may not appreciate the scope of current and planned activities related to CIP/IW.

The goal of the Panel is to generate some discussion that crosses "stovepipes" of interest. A very brief overview of CIP/IW issues and activities (e.g., concerns in the power, banking, and telecommunications industries about fragile and vulnerable infrastructure, demonstrations of IW threats such as the "Eligible Receiver" exercise) will set the context for the panel discussion.

PL-4 Thursday, 8/19/99, Afternoon. Safety Integrity Levels, Felix Redmill

Panelists:

• Felix Redmill, chairman;
• Tim Kelly, of York University, UK
• Steven Mattern, Senior Scientist, Science & Engineering Associates, Inc., USA

The safety integrity level (SILs) of a safety-related system defines the system's target rate of dangerous failures. The SIL concept has been employed in standards which offer guidance on the design and development of safety-related systems, but its importance has increased with its use in the international standard, IEC 61508.

It is now considered necessary for all safety practitioners to understand SILs, but as well as the concept being relatively complex, it is not clearly explained in the standards which use it, and the various standards derive SILs in different ways.

Commencing with a short lecture to explain the SIL concept, this panel session sets out to address not only how SILs are used, but also the difficulties they present and the ways in which they can be misleading.

Chaired by Felix Redmill, the international panel promises a lively and informative session. We will hear the panelists' opinions, but we will gain more from discussion than from their erudition, so prepare your questions, doubts, and tales of woe, and come to air them, to challenge, to learn from discussion, and to teach by inquiring.

***Cancelled*** PL-5 Thursday, 8/19/99, Afternoon. Safety Standards, Rodney Schaeffer ***Cancelled***
 

CSP Preparation Course will be conducted by SRS/Las Vegas Safety Workshops on 14-16 August. Registration and fees handled by SRS. They are handling it similarly to last year. People need to register directly with SRS at 1-888-589-6757.

Tour of Kennedy Space Center - All conference attendees will be provided the opportunity to tour Kennedy Space Center (KSC) for only $10. We have arranged for representatives from the KSC Safety Office to serve as your personal tour guide on a KSC tour Monday and Saturday.  These tours are limited to the first 50 people that sign up for each day.  Additional tours will be provided through the KSC visitor center on Saturday.  All of these tours are available for $38 for persons (such as family) not attending the conference.  Go to the Tickets and Tour page to view a description of the tours, to sign up, and pay by credit card. EVERYONE ATTENDING THE TOURS MUST SIGN-UP.

17^th ISSC Technical Program -  Detailed Schedule

  Back to Orlando '99 home